Intrusion attempt by netmike assessor administrator???

Dear Wilders,
I have NIS installed on my XP system which performs very well. Recently I have had alerts telling me I was under attack Using port 3150, which I see is described as being used by the ''Netmike assessor administrator''. What or who is this??
I have also had attacks using port 52264, which is described as private?? Can any body enlighten me to these intrusion attempts.
Thanks Gordon

quoting: ghodgson link=board=23;threadid=26787;start=0#msg154747 date=1080989756]I have NIS installed on my XP system which performs very well. Recently I have had alerts telling me I was under attack Using port 3150, which I see is described as being used by the ''Netmike assessor administrator''. What or who is this??

Click to expand...

Was this in the firewall logs prefixed by something like "Default Trojan ..."? If so, it will just be a scan to one of the default trojan rules in NIS. These rules block scans/connection attempts to ports commonly used by or associated to known malware. While the names can sound a little ominous, the firewall is blocking these and it does not mean you are infected in any way.

I have never been a fan of these defaut trojan rules which are now up to around 70 and just delete them, replacing them with 2 custom block rules instead.

I have also had attacks using port 52264, which is described as private?? Can any body enlighten me to these intrusion attempts.

Dear Crazy M, These were intrusion alerts, quite a few in number and the alerts of course gave me their URL and the port, I did a WHOIS check to find out the source of the attack [as I put their URL address range into my Firewall restricted zone] to prevent further attempts. The attack was, I believe from Holland in the port 3150 instance. I then looked up what port 3150 is primarily used for on GRC.com and the info was that 3150 is used by the 'netmike assessor administrator''. Hence my query as to who is this?? A similar scenario for the other port which was described as for private use by GRC.com. I just wondered what these ports are used for.
I suppose a hacker can use any port they choose, last night I was bombarded 19 times from a computer with a URL of 12.222.111.135 using 4 different ports 60407, 55930, 55228, and 53868, this was over a period of about 30 minutes .........and I only have a dial up! The WHOIS told me this URL was originating in New York [ I am in the UK]. So NIS is doing its job, thank God for firewalls.
What 2 rules have you used to replace all the Trojan rules?
My PC is clean, I have Adaware 6, Spybot s&D, Spyware baster, spyware guard, Norton AV and NIS so am not too worried about malware.
Regards and thanks Gordon

quoting: ghodgson link=board=23;threadid=26787;start=0#msg155407 date=1081086814]These were intrusion alerts, quite a few in number and the alerts of course gave me their URL and the port, I did a WHOIS check to find out the source of the attack

Click to expand...

When posting about firewall alerts and log entries it is helpful if you post full details: direction, protocol, source IP/port, destination IP/port ( just xxx out your public IP).

[as I put their URL address range into my Firewall restricted zone] to prevent further attempts.

Click to expand...

No real need to put them in the restricted zone. The firewall was already blocking them and will continue to do so.